Commit 8ec16ce7 authored by Lutz Jänicke

Really fix SSLv2 session ID handling

PR: 377
parent 0e4aa0d2
+9 −0
@@ -375,6 +375,15 @@ TODO: bug: pad x with leading zeros if necessary
 
 Changes between 0.9.7 and 0.9.7a  [XX xxx 2003]

  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
     checked on reconnect on the client side, therefore session resumption
     could still fail with a "ssl session id is different" error. This
     behaviour is masked when SSL_OP_ALL is used due to
     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
     followup to PR #377.
     [Lutz Jaenicke]

  *) IA-32 assembler support enhancements: unified ELF targets, support
     for SCO/Caldera platforms, fix for Cygwin shared build.
     [Andy Polyakov]
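
Review bot: The new CHANGES entry says the session ID "was incorrectly checked on reconnect on the client side" but never states what was incorrect, so a reader cannot tell from the changelog whether their build is affected or what changed. Suggest adding one clause that the comparison started at the wrong offset in the received message (the code change moves it from buf to buf + 1). The sentence about SSL_OP_ALL would also be clearer if it said outright that SSL_OP_MICROSOFT_SESS_ID_BUG skips the comparison entirely, which is why the failure only shows up for clients that do not set it.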
+1 −1
@@ -1021,7 +1021,7 @@ static int get_server_finished(SSL *s)
		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
			{
			if ((s->session->session_id_length > sizeof s->session->session_id)
			    || (0 != memcmp(buf, s->session->session_id,
			    || (0 != memcmp(buf + 1, s->session->session_id,
			                    (unsigned int)s->session->session_id_length)))
				{
				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
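
Review bot: Missing length check before the shifted compare in get_server_finished(): the new memcmp(buf + 1, s->session->session_id, ...) reads session_id_length bytes starting one byte into buf, but the only bound visible here is session_id_length against sizeof s->session->session_id, not against the number of bytes actually received into buf. Please confirm that an earlier check outside this hunk guarantees at least 1 + session_id_length bytes were read, or add that condition to this if, so that a short message cannot cause the compare to run over stale buffer contents. The bare "+ 1" also deserves a short comment naming the byte being skipped, since the previous version of this line shows how easy the offset is to get wrong. A regression test that resumes an SSLv2 session without SSL_OP_ALL would be useful too, because setting SSL_OP_MICROSOFT_SESS_ID_BUG bypasses this branch completely and hides the bug.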